因违反内容安全政策而拒绝连接到网址

时间:2016-09-16 08:41:21

标签: javascript content-security-policy

这是我的控制台中的错误:
this is the error in my console

这是 meta 标签的实际代码:

<!--
  Policy as posted. connect-src is the directive that governs script-initiated
  connections (XHR / fetch / WebSocket / EventSource); it lists only 'self',
  data:, gap: and https://ssl.gstatic.com, so a request to any other origin is
  refused. gap: is the scheme Cordova's default template lists for its
  JS-to-native bridge. style-src permits inline styles and media-src permits any
  source. No default-src is set, so fetch types without their own directive here
  (script-src, img-src, ...) are not restricted by this policy.
-->
<meta http-equiv="Content-Security-Policy" content="connect-src &apos;self&apos; data: gap: https://ssl.gstatic.com ; style-src &apos;self&apos; &apos;unsafe-inline&apos;; media-src *">

我正在用 Cordova 开发一个 Android 应用。我想从图片中被涂掉的那个 URL 获取数据。这是 index.html:

html>
<head>
<body>


        <div role="main" class="ui-content">
            <div class="app">
        <h1>Apache Cordova</h1>
        <!-- Status banner: index.js looks this element up by id 'deviceready', then hides the '.listening' paragraph and shows the '.received' one. -->
        <div id="deviceready" class="blink">
            <p class="event listening">Connecting to Device</p>
            <p class="event received">Device is Ready</p>
        </div>
    </div>

这是index.js

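/**
 * Cordova app controller for the page: registers the startup listeners,
 * flips the "deviceready" status banner, and requests the city list.
 */
var app = {
  // Application Constructor
  initialize: function() {
    this.bindEvents();
  },

  // Bind Event Listeners
  //
  // Bind any events that are required on startup. Common events are:
  // 'load', 'deviceready', 'offline', and 'online'.
  bindEvents: function() {
    document.addEventListener('deviceready', this.onDeviceReady, false);
    // NOTE(review): 'loadcities' is wired to the same handler, so dispatching
    // it would repeat both the banner update and the city request.
    document.addEventListener('loadcities', this.onDeviceReady, false);
  },

  // deviceready Event Handler
  //
  // The scope of 'this' is the event. In order to call the 'receivedEvent'
  // function, we must explicitly call 'app.receivedEvent(...);'
  onDeviceReady: function() {
    app.receivedEvent('deviceready');
    app.receivedEvent('loadcities');
  },

  /**
   * React to a received event.
   *
   * @param {string} id - 'deviceready' switches the status banner from
   *   "listening" to "received"; 'loadcities' requests the city list.
   *   Any other value is ignored.
   */
  receivedEvent: function(id) {
    if (id === 'deviceready') {
      var parentElement = document.getElementById(id);
      var listeningElement = parentElement.querySelector('.listening');
      var receivedElement = parentElement.querySelector('.received');

      listeningElement.setAttribute('style', 'display:none;');
      receivedElement.setAttribute('style', 'display:block;');

      console.log('Received Event: ' + id);
    } else if (id === 'loadcities') {
      // Placeholder origin from the post. It is cleartext http and is not in
      // the page's CSP connect-src list, so the WebView refuses the
      // connection until the policy names this origin (preferably an https
      // one, so the response cannot be altered in transit).
      var url = "http://uiiuh";

      $.getJSON(url).done(function(response) {
        // A JSON body of `null` has no .length; treat it like an empty list
        // instead of throwing inside the callback.
        if (!response || !response.length) {
          console.warn("Empty list of cities");
        }
        // NOTE(review): `config` is not declared in this snippet; presumably
        // a global defined elsewhere. Confirm before relying on it.
        config.cities = response;
        $('body').trigger('city-data');
      }).fail(function(jqXHR, status, error) {
        // Surface the failure details. A request the browser itself refuses
        // (for example one blocked by connect-src) typically arrives here
        // with HTTP status 0 and an empty error string, which distinguishes
        // it from a server-side 4xx/5xx.
        console.error("Something went wrong retrieving the cities via API", {
          status: status,
          error: error,
          httpStatus: jqXHR ? jqXHR.status : undefined
        });
      });
    }
  }
};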

// Runs as soon as this script is evaluated: initialize() calls bindEvents(),
// which registers the 'deviceready' and 'loadcities' listeners on document.
app.initialize();

我现在只想在控制台中显示检索到的数据。

1 个答案:

答案 0 :(得分:2)

内容安全策略(CSP)将 connect-src 限制为 'self'、data:、gap:(这是 Cordova 特有的东西吗?)和 https://ssl.gstatic.com,这意味着从其他任何 URL 加载资源的尝试都会被阻止。

由于脚本尝试从 http://uiiuh 加载 JSON 数据,该请求被阻止;您需要将 http://uiiuh 添加到 CSP 规则中 connect-src 的允许来源列表里。只需添加这一个具体来源,不必用 * 放开整条指令。